diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix
index 767923550..30c15d59b 100644
--- a/nix/modules/default/default.nix
+++ b/nix/modules/default/default.nix
@@ -29,37 +29,18 @@ let
 );
 in
 {
- imports = [ ./integration-nginx.nix ];
+ imports = [
+ ./integration-nginx.nix
+ ./secrets.nix
+ ./users.nix
+ ];
 options.services.spacebarchat-server =
 let
- mkEndpointOptions =
- defaultHost: defaultPort:
- lib.mkOption {
- type = lib.types.submodule {
- options = {
- useSsl = lib.mkEnableOption "Use SSL for this endpoint.";
- host = lib.mkOption {
- type = lib.types.str;
- default = defaultHost;
- description = "Host to bind to.";
- };
- localPort = lib.mkOption {
- type = lib.types.port;
- default = defaultPort;
- description = "Port to bind to.";
- };
- publicPort = lib.mkOption {
- type = lib.types.port;
- default = 443;
- description = "Public port to use in .well-known, defaults to 443.";
- };
- };
- };
- default = { };
- };
+ mkEndpointOptions = import ./options-subtypes/mkEndpointOptions.nix { inherit lib; };
 in
 {
 enable = lib.mkEnableOption "Spacebar server";
+ enableAdminApi = lib.mkEnableOption "Spacebar server Admin API";
 package = lib.mkPackageOption self.packages.${pkgs.stdenv.hostPlatform.system} "spacebar-server" { default = "default"; };
 databaseFile = lib.mkOption {
 type = lib.types.nullOr lib.types.path;
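Review bot: `enableAdminApi` is declared on the new side of this hunk, but no line in the diff reads `cfg.enableAdminApi`, so unless a consumer exists elsewhere in default.nix (outside this hunk) the option currently toggles nothing and an operator setting it would get a silent no-op. Either wire it into the service definitions in the same change or add a comment next to it stating which service it gates, e.g. `# Consumed by the admin-API systemd unit; no effect until that unit is defined.`. Note also that `./secrets.nix` and `./users.nix` are imported unconditionally, which is fine for option declarations but means anything those files put under `config` applies whether or not `services.spacebarchat-server.enable` is set.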
@@ -84,72 +65,6 @@ in
 description = "Path to store CDN files.";
 };
- cdnSignaturePath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- legacyJwtSecretPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- mailjetApiKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- mailjetApiSecretPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- smtpPasswordPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- gifApiKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- rabbitmqHost = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- rabbitmqHostPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- abuseIpDbApiKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- captchaSecretKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- captchaSiteKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- ipdataApiKeyPath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
- requestSignaturePath = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Path to the secret";
- };
 extraEnvironment = lib.mkOption {
 default = { };
 description = ''
@@ -253,7 +168,7 @@ in
 "~@privileged"
 "@chown" # Required for copying files with FICLONE, apparently.
 ];
- CapabilityBoundingSet=[
+ CapabilityBoundingSet = [
 "~CAP_SYS_ADMIN"
 "~CAP_AUDIT_*"
 "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)"
@@ -306,14 +221,6 @@ in
 # }
 ];
- users.users.spacebarchat = {
- isSystemUser = true;
- description = "Spacebar service user";
- home = "/var/lib/spacebar";
- group = "spacebarchat";
- };
- users.groups.spacebarchat = { };
 systemd.services.spacebar-api = makeServerTsService {
 description = "Spacebar Server - API";
 environment = builtins.mapAttrs (_: val: builtins.toString val) (
diff --git a/nix/modules/default/options-subtypes/mkEndpointOptions.nix b/nix/modules/default/options-subtypes/mkEndpointOptions.nix
new file mode 100644
index 000000000..979ec3043
--- /dev/null
+++ b/nix/modules/default/options-subtypes/mkEndpointOptions.nix
@@ -0,0 +1,25 @@
+{ lib }:
+defaultHost: defaultPort:
+lib.mkOption {
+ type = lib.types.submodule {
+ options = {
+ useSsl = lib.mkEnableOption "Use SSL for this endpoint.";
+ host = lib.mkOption {
+ type = lib.types.str;
+ default = defaultHost;
+ description = "Host to bind to.";
+ };
+ localPort = lib.mkOption {
+ type = lib.types.port;
+ default = defaultPort;
+ description = "Port to bind to.";
+ };
+ publicPort = lib.mkOption {
+ type = lib.types.port;
+ default = 443;
+ description = "Public port to use in .well-known, defaults to 443.";
+ };
+ };
+ };
+ default = { };
+}
diff --git a/nix/modules/default/secrets.nix b/nix/modules/default/secrets.nix
new file mode 100644
index 000000000..7b6a6ccfd
--- /dev/null
+++ b/nix/modules/default/secrets.nix
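Review bot: The new file mkEndpointOptions.nix has no header comment explaining its calling convention, which is not obvious from `{ lib }: defaultHost: defaultPort:` alone — it is a module-style function that then returns a two-argument curried function; a comment such as `# Builds the option for one listening endpoint. Usage: (import ./mkEndpointOptions.nix { inherit lib; }) defaultHost defaultPort` at the top would save the next reader a trip back to default.nix. Separately, `publicPort` defaults to 443 independently of `useSsl`, so `useSsl = false` with the default `publicPort = 443` is accepted silently; if that pairing is intended (TLS terminated by a reverse proxy, as the nginx integration suggests) the `publicPort` description should say so, otherwise an assertion in the consuming module would catch the mismatch. The option bodies are moved unchanged from default.nix, so this applies to existing behaviour rather than a regression.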
@@ -0,0 +1,70 @@
+{ lib, ... }:
+{
+ options.services.spacebarchat-server = {
+ cdnSignaturePath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ legacyJwtSecretPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ mailjetApiKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ mailjetApiSecretPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ smtpPasswordPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ gifApiKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ rabbitmqHost = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ rabbitmqHostPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ abuseIpDbApiKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ captchaSecretKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ captchaSiteKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ ipdataApiKeyPath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ requestSignaturePath = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Path to the secret";
+ };
+ };
+}
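Review bot: Every option in the new secrets.nix carries the identical description "Path to the secret", which tells an operator neither which secret is expected nor in what form the file is read, and `rabbitmqHost` gets the same text although its name reads as a plain host value rather than a path to one. Each description should name the secret it points at, e.g. `description = "Path to a file containing the CDN signature key; the file is read at service start, not at build time.";` (phrase the runtime-read part as applicable, since this hunk does not show how the paths are consumed), and `rabbitmqHost` should either be documented as a host string or dropped in favour of `rabbitmqHostPath`. Keeping `lib.types.str` rather than `lib.types.path` here is the right choice — a path literal passed through `types.path` would be coerced and copied into the world-readable Nix store, whereas `types.str` rejects it — and a one-line comment above the option set such as `# str, not path: a path literal would be imported into /nix/store` would stop a future maintainer from "fixing" the type.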
diff --git a/nix/modules/default/users.nix b/nix/modules/default/users.nix
new file mode 100644
index 000000000..414ef68de
--- /dev/null
+++ b/nix/modules/default/users.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ users.users.spacebarchat = {
+ isSystemUser = true;
+ description = "Spacebar service user";
+ home = "/var/lib/spacebar";
+ group = "spacebarchat";
+ };
+ users.groups.spacebarchat = { };
+}
diff --git a/nix/tests/test-bundle-starts.nix b/nix/tests/test-bundle-starts.nix
index 5f1a3f901..421517bcb 100644
--- a/nix/tests/test-bundle-starts.nix
+++ b/nix/tests/test-bundle-starts.nix
@@ -23,6 +23,7 @@ in
 gatewayEndpoint = sb.mkEndpoint "gw.sb.localhost" 3002 false;
 cdnEndpoint = sb.mkEndpoint "cdn.sb.localhost" 3003 false;
 nginx.enable = true;
+ serverName = "sb.localhost";
 };
 in
 lib.trace ("Testing with config: " + builtins.toJSON cfg) cfg;
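Review bot: `users.users.spacebarchat` and `users.groups.spacebarchat` in the new users.nix are defined unconditionally, and default.nix now imports `./users.nix` without a guard, so the system account and group are created on every host that imports the module even when `services.spacebarchat-server.enable` is false. If the removed definition in default.nix sat under a `lib.mkIf cfg.enable` (the enclosing attribute set is outside that hunk, so this is inferred), the extraction drops that guard; restoring it means taking `config` in the module arguments and wrapping the body as `config = lib.mkIf config.services.spacebarchat-server.enable { ... };`. `home = "/var/lib/spacebar"` is set but nothing in this file creates the directory; presumably the service unit's `StateDirectory` does, and a comment saying so (`# Directory is created by the spacebar-* units, not here.`) would make that dependency explicit.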